CVE-2026-48142
AI description
CVE-2026-48142 is a vulnerability affecting NGINX Plus and NGINX Open Source, specifically within the `ngx_http_charset_module`. This flaw arises when a location block is configured with both `source_charset utf-8;` and an additional `charset` directive, such as `charset koi8-r;`. Under these specific conditions, remote and unauthenticated attackers can send specially crafted requests. These requests can exploit the vulnerability to cause a heap buffer over-read in the NGINX worker process, which may result in limited disclosure of memory or a process restart.
- Description
- -
- Hype score
- Not currently trending
🚨 Nginx 1.31.2 yayınlandı. Öne çıkan yamalar: • HTTP/3 + QUIC tarafında use-after-free açığı (CVE-2026-42530) • HTTP/2/gRPC proxy senaryolarında heap overflow riski (CVE-2026-42055) • charset_map UTF-8 işleme kaynaklı memory overread (CVE-2026-48142) Mutl
@ridvanyagli
18 Jun 2026
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
#nginx 1.30.3 で CVE-2026-42055 と CVE-2026-48142 がfix か https://t.co/JC5hKJkY1X
@stuons
17 Jun 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2026-06-17 nginx-1.30.3 stable and nginx-1.31.2 mainline versions have been released, (CVE-2026-42530),(CVE-2026-48142),(CVE-2026-42055), fix https://t.co/7HtZYwRWiH
@hacker_infra
17 Jun 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
nginx 1.30.3 and 1.31.2 released to fix CVE-2026-42055, CVE-2026-48142 and CVE-2026-42530 https://t.co/8dCg0h930B
@jedisct1
17 Jun 2026
681 Impressions
2 Retweets
10 Likes
0 Bookmarks
0 Replies
1 Quote